Aggregator

根据国家信息安全漏洞库（CNNVD）统计，本周（2026年1月12日至2026年1月18日）安全漏洞情况如下

相关恶意网址和恶意IP归属地主要涉及：美国、加拿大、英国、德国、荷兰、乌克兰、巴西、越南。

由于发送给 Copilot 的指令是在初始提示词之后从攻击者的服务器下发的，因此客户端安全工具无法推断出正在窃取哪些数据。

Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the lifecycle, especially in projects that already rely on automated linting and testing. The tool works by examining Python code structure and matching it against a set of security-focused rules. Each finding points to a specific line of … More →

The post Bandit: Open-source tool designed to find security issues in Python code appeared first on Help Net Security.

Древний инстинкт «еда — значит риск» всё ещё работает внутри нас…

A vulnerability labeled as critical has been found in Delta Electronics DIAView up to 4.2.0. This issue affects some unknown processing. Executing a manipulation can lead to command injection. The identification of this vulnerability is CVE-2026-0975. The attack can only be executed locally. Furthermore, there is an exploit available.

A vulnerability was found in Mattermost up to 10.11.8/11.1.x and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation results in inefficient algorithmic complexity. This vulnerability is reported as CVE-2025-14822. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Mattermost up to 10.11.8/11.0.6/11.1.1. It has been rated as critical. This issue affects some unknown processing. Performing a manipulation results in allocation of resources. This vulnerability is known as CVE-2025-14435. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

美国频繁以“全球军事霸主”自居，高调宣称具备同时应对多线冲突的能力。当我们将目光穿透其华丽的政治表态，深入剖

这是情报分析师第1901篇原创内容本文约3460字预计阅读时间11分钟2026年被广泛视为人工智能（AI）对全

这是情报分析师第1900篇原创内容本文约4704字预计阅读时间13分钟在情报访谈、商业谈判乃至日常对话中，会提

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.119/6.6.63/6.11.10/6.12.1. This vulnerability affects the function ip6_dst_ifdown of the file pmtu.sh. Executing a manipulation can lead to excessive iteration. This vulnerability is tracked as CVE-2024-56751. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.121/6.6.67/6.12.6. This impacts the function list_del of the component smc. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2024-56718. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.12.1. Affected by this vulnerability is the function bpf_msg_pop_data of the component sockmap. The manipulation results in enforcement of behavioral workflow. This vulnerability is known as CVE-2024-56720. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.66/6.12.5. This affects an unknown part of the component Netfilter. Executing a manipulation can lead to deadlock. This vulnerability appears as CVE-2024-54683. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.11.10/6.12.1. It has been rated as critical. The impacted element is an unknown function of the component bpf. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2024-56702. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.11.10/6.12.1. This affects the function fib6_select_path of the component Routing Table Handler. Such manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2024-56703. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.4. Affected by this vulnerability is the function ip_vs_protocol_init. The manipulation results in uninitialized pointer. This vulnerability was named CVE-2024-53680. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

黄金要冲5000点吗

Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is how findings are handled after the testing concludes. The method of reporting, delivery, and remediation tracking play a critical role in determining how effective a pentest is at actually reducing risk. Security leaders increasingly expect penetration testing to integrate seamlessly into their broader security operations. Static reports no longer meet the needs … More →

The post The 2026 State of Pentesting: Why delivery and follow-through matter more than ever appeared first on Help Net Security.